Prior to working at EFF, Jacob was on Twitter's anti-spam and security teams. On the security team, he implemented HTTPS-by-default with forward secrecy, key pinning, HSTS, and CSP. On anti-spam, he deployed new machine-learned models to detect and block spam in realtime. Before Twitter, he worked at Google, variously on the maps, transit, and shopping teams.

Deeplinks Posts by Jacob

Twitter plans to roll out a new privacy policy on June 18, and, with it, is promising to roll back its longstanding commitment to obey the Do Not Track (DNT) browser privacy setting. Instead, the company is switching to the Digital Advertising Alliance's toothless and...

The last year has seen enormous progress in encrypting the web. Two categories in particular have made extraordinary strides: news sites and US government sites. The progress in those fields is due to months of hard work from many technologists; it can also be attributed in part to ...

Election security experts concerned about voting machines are calling for an audit of ballots in the three states where the presidential election was very close: Michigan, Wisconsin and Pennsylvania. We agree. This is an important election safety measure and should happen in all elections, not just those that have...

At 9:04am GMT today, the Let's Encrypt Certificate Authority issued its millionth certificate. This is an amazing success, coming only 3 months and 5 days since a beta version of the service became publicly available. We're very excited to be building a more secure and fully encrypted future for...

Today, Verizon reached an agreement with the FCC to acquire affirmative consent before injecting their UIDH tracking header into their customers' web activity on non-Verizon owned sites. This is exactly what we asked them to do in November 2014, and is a huge win for Internet privacy...

Today marks a major milestone for the encrypted Web. Let's Encrypt, the free and automated certificate authority, has entered Public Beta. That means it's easier than ever for websites to adopt HTTPS encryption. A huge percentage of the world's daily Internet usage currently takes place over unecrypted HTTP, exposing people...

The first free and automated certificate authority, Let's Encrypt, will launch to the public in September of this year. This is a huge milestone for web security and privacy. Encryption in transit (HTTPS) is vital to protect people and websites from spying and tampering. Someday soon, we hope every...

Librarians have long understood that to provide access to knowledge it is crucial to protect their patrons' privacy. Books can provide information that is deeply unpopular. As a result, local communities and governments sometimes try to ban the most objectionable ones. Librarians rightly see it as their duty...

The White House Office of Management and Budget has published a new standard recommending full HTTPS on all federal web sites and web services. They are accepting public comments until April 14; if you care about privacy and security, you should weigh in.This post...